Skip to content

Add Support for OAuth in athena-sqlserver Connector #3006

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
burhan94 merged 3 commits into from
Sep 29, 2025
Merged

Add Support for OAuth in athena-sqlserver Connector #3006

burhan94 merged 3 commits into from
Sep 29, 2025

Conversation

@Trianz-Akshay
Copy link
Contributor

@Trianz-Akshay Trianz-Akshay commented Sep 17, 2025

Issue #, if available:

Description of changes:
This PR introduces support for OAuth-based authentication in the SQL Server connector using Microsoft Entra ID with the client_credentials grant type. The connector obtains Bearer tokens directly from Entra ID and manages them securely via AWS Secrets Manager.

Users must store the following credentials in AWS Secrets Manager:
{
"client_id": "",
"client_secret": "",
"tenant_id": ""
}

The connector uses these credentials to fetch a new access token from Microsoft Entra ID's token endpoint. After fetching, it updates the secret with access_token, fetched_at and expires_in. Token refresh is handled automatically when the token is close to expiry, using these stored values. Please find attached reference and test documents.
OAuth.Integration.in.sqlserver.docx

sqlserver-oauth-testing.odt

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

@amazon-inspector-n-virginia
Copy link

amazon-inspector-n-virginia bot commented Sep 17, 2025

⏳ I'm reviewing this pull request for security vulnerabilities and code quality issues. I'll provide an update when I'm done

1 similar comment
@amazon-inspector-n-virginia
Copy link

amazon-inspector-n-virginia bot commented Sep 17, 2025

⏳ I'm reviewing this pull request for security vulnerabilities and code quality issues. I'll provide an update when I'm done

@amazon-inspector-n-virginia
Copy link

amazon-inspector-n-virginia bot commented Sep 17, 2025

✅ I finished the code review, and didn't find any security or code quality issues.

1 similar comment
@amazon-inspector-n-virginia
Copy link

amazon-inspector-n-virginia bot commented Sep 17, 2025

✅ I finished the code review, and didn't find any security or code quality issues.

@Trianz-Akshay Trianz-Akshay force-pushed the feature/sqlserver-oauth branch from f7367d8 to 22ab0a9 Compare September 17, 2025 07:46
@codecov
Copy link

codecov bot commented Sep 17, 2025
edited
Loading

Codecov Report

❌ Patch coverage is 67.85714% with 9 lines in your changes missing coverage. Please review.
✅ Project coverage is 64.59%. Comparing base (fe0a5d9) to head (6fbe336).
⚠️ Report is 31 commits behind head on master.

Files with missing lines Patch % Lines
...s/sqlserver/SqlServerOAuthCredentialsProvider.java 80.00% 0 Missing and 4 partials ⚠️
...a/connectors/sqlserver/SqlServerRecordHandler.java 0.00% 4 Missing ⚠️
...connectors/sqlserver/SqlServerMetadataHandler.java 75.00% 1 Missing ⚠️
Additional details and impacted files 
@@             Coverage Diff              @@
##             master    #3006      +/-   ##
============================================
+ Coverage     63.67%   64.59%   +0.91%     
- Complexity     4344     4602     +258     
============================================
  Files           621      633      +12     
  Lines         23286    24074     +788     
  Branches       2859     2988     +129     
============================================
+ Hits          14827    15550     +723     
- Misses         7070     7091      +21     
- Partials       1389     1433      +44

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@burhan94
Copy link
Collaborator

burhan94 commented Sep 17, 2025

This looks great, the PR that was merged here (#2932) really simplified the implementation for the rest of the connectors

burhan94
burhan94 reviewed Sep 17, 2025
View reviewed changes
...c/main/java/com/amazonaws/athena/connectors/sqlserver/SqlServerOAuthCredentialsProvider.java Outdated
String tokenEndpoint = String.format(TOKEN_ENDPOINT_FORMAT, tenantId);

String formData = String.format(
"grant_type=client_credentials&scope=%s&client_id=%s&client_secret=%s",
Copy link
Collaborator

@burhan94 burhan94 Sep 17, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

NIT: make this into a static var as well

Copy link
Contributor Author

@Trianz-Akshay Trianz-Akshay Sep 18, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This has been addressed. Thanks.

@Trianz-Akshay Trianz-Akshay force-pushed the feature/sqlserver-oauth branch from 2134f44 to 57fe2cd Compare September 18, 2025 06:55
@burhan94 burhan94 merged commit 557ef82 into awslabs:master Sep 29, 2025
8 checks passed
github-actions bot pushed a commit that referenced this pull request Oct 16, 2025
Cut release 2025.41.1
d48bb7e 
  - build(deps): bump io.confluent:kafka-avro-serializer from 8.0.0 to 8.0.2 (#3055)
  - build(deps): bump software.amazon.awssdk:cloudwatchlogs from 2.35.0 to 2.35.5 (#3057)
  - build(deps): bump org.apache.maven.plugins:maven-dependency-plugin from 3.8.1 to 3.9.0 (#3061)
  - Remove timestamp case from SnowflakeQueryStringBuilder (#2997)
  - build(deps): bump io.substrait.version from 0.65.0 to 0.66.0 (#3051)
  - build(deps): bump com.google.cloud:google-cloud-storage from 2.58.0 to 2.58.1 (#3059)
  - build(deps): bump org.postgresql:postgresql from 42.7.7 to 42.7.8 (#3063)
  - build(deps): bump org.apache.maven.plugins:maven-javadoc-plugin from 3.11.3 to 3.12.0 (#3062)
  - build(deps): bump com.github.spotbugs:spotbugs-annotations from 4.9.4 to 4.9.6 (#3058)
  - build(deps): bump org.jacoco:jacoco-maven-plugin from 0.8.13 to 0.8.14 (#3060)
  - build(deps): bump net.sf.jt400:jt400 from 21.0.5 to 21.0.6 (#3053)
  - build(deps): bump com.teradata.jdbc:terajdbc from 20.00.00.50 to 20.00.00.51 (#3054)
  - build(deps): bump org.elasticsearch.client:elasticsearch-rest-client from 9.1.3 to 9.1.5 (#3056)
  - build(deps): bump org.bouncycastle:bcpkix-jdk18on from 1.81 to 1.82 (#3050)
  - build(deps): bump org.eclipse.rdf4j:rdf4j-repository-sparql from 5.1.6 to 5.2.0 (#3052)
  - build(deps): bump software.amazon.jsii:jsii-runtime from 1.114.1 to 1.115.0 (#3048)
  - build(deps): bump aws-sdk-v2.version from 2.34.5 to 2.35.0 (#3039)
  - build(deps-dev): bump nl.jqno.equalsverifier:equalsverifier from 4.1.1 to 4.2 (#3037)
  - build(deps): bump aws-sdk.version from 1.12.791 to 1.12.792 (#3035)
  - build(deps): bump net.java.dev.jna:jna-platform from 5.17.0 to 5.18.1 (#3038)
  - build(deps-dev): bump log4j2Version from 2.25.1 to 2.25.2 (#3029)
  - build(deps): bump io.substrait.version from 0.52.0 to 0.65.0 (#3021)
  - build(deps): bump org.assertj:assertj-core from 3.27.4 to 3.27.6 (#3019)
  - build(deps): bump com.amazonaws:aws-lambda-java-core from 1.3.0 to 1.4.0 (#3020)
  - build(deps): bump net.java.dev.jna:jna from 5.17.0 to 5.18.1 (#3034)
  - build(deps): bump org.jetbrains.kotlin:kotlin-stdlib from 2.2.10 to 2.2.20 (#3027)
  - build(deps): bump org.apache.commons:commons-lang3 from 3.18.0 to 3.19.0 (#3033)
  - build(deps): bump org.bouncycastle:bcprov-jdk18on from 1.81 to 1.82 (#3022)
  - build(deps): bump org.bouncycastle:bcutil-jdk18on from 1.81 to 1.82 (#3024)
  - build(deps): bump org.sonatype.central:central-publishing-maven-plugin from 0.8.0 to 0.9.0 (#3026)
  - build(deps): bump org.codehaus.mojo:license-maven-plugin from 2.6.0 to 2.7.0 (#3023)
  - build(deps): bump software.amazon.awssdk:cloudwatchlogs from 2.33.8 to 2.35.0 (#3040)
  - Add Support for OAuth in athena-saphana Connector (#2894)
  - build(deps): bump aws-actions/configure-aws-credentials from 4 to 5 (#2975)
  - build(deps): bump actions/setup-node from 4 to 5 (#2976)
  - [Neptune] Add doc details on how multi-valued properties are handled. (#2995)
  - build(deps): bump org.jetbrains.kotlin:kotlin-reflect from 2.2.10 to 2.2.20 (#3028)
  - build(deps): bump software.amazon.glue:schema-registry-serde from 1.1.24 to 1.1.25 (#3030)
  - build(deps): bump org.jetbrains.kotlin:kotlin-stdlib-jdk8 from 2.2.10 to 2.2.20 (#3031)
  - build(deps): bump com.teradata.jdbc:terajdbc from 20.00.00.49 to 20.00.00.50 (#3032)
  - build(deps): bump aws-sdk-v2.version from 2.34.3 to 2.34.5 (#3017)
  - Add Support for OAuth in athena-sqlserver Connector (#3006)
  - Add Support for OAuth in athena-synapse Connector (#2904)
  - build(deps): bump software.amazon.jsii:jsii-runtime from 1.113.0 to 1.114.1 (#2979)
  - build(deps): bump org.apache.calcite.version from 1.39.0 to 1.40.0 (#2980)
  - build(deps): bump aws-sdk.version from 1.12.788 to 1.12.791 (#2981)
  - build(deps): bump org.eclipse.rdf4j:rdf4j-repository-sparql from 5.1.4 to 5.1.5 (#2983)
  - build(deps): bump com.clickhouse:clickhouse-jdbc from 0.9.1 to 0.9.2 (#2985)
  - build(deps): bump net.snowflake:snowflake-jdbc from 3.26.0 to 3.26.1 (#2987)
  - build(deps): bump org.yaml:snakeyaml from 2.4 to 2.5 (#2988)
  - build(deps-dev): bump nl.jqno.equalsverifier:equalsverifier from 4.0.9 to 4.1 (#2998)
  - build(deps): bump aws-sdk-v2.version from 2.32.29 to 2.33.9 (#2999)
  - build(deps): bump org.apache.kafka:kafka-clients from 4.0.0 to 4.1.0 (#3000)
  - build(deps): bump surefire.failsafe.version from 3.5.3 to 3.5.4 (#3001)
  - build(deps): bump com.microsoft.azure:msal4j from 1.22.0 to 1.23.1 (#3002)
  - build(deps): bump org.apache.maven.plugins:maven-shade-plugin from 3.6.0 to 3.6.1 (#3003)
  - build(deps): bump com.google.cloud:google-cloud-storage from 2.55.0 to 2.57.0 (#3004)
  - build(deps): bump com.sap.cloud.db.jdbc:ngdbc from 2.25.12 to 2.26.6 (#3012)
  - build(deps): bump org.apache.maven.plugins:maven-compiler-plugin from 3.14.0 to 3.14.1 (#3011)
  - Fixing error messages to not leak sensitive info (#3008)
  - Include linked accounts option when querying metric_samples table. (#2922)
github-actions bot pushed a commit to Jithendar12/aws-athena-query-federation that referenced this pull request Nov 28, 2025
Cut release 2025.47.1
80d8cef 
  - Update runner and slug
  - Update GitHub Actions workflows to build with Java 11 and 17
  - Remove hard-coded Glue list-jobs --max-results 100 to find all Glue jobs (awslabs#3127)
  - Added unit tests in athena-synapse Connector (awslabs#2963)
  - Updating EncryptionKeyFactory to add overirde AWS request configuration in KMS calls made generate encryption key (awslabs#3103)
  - Fix epoch date conversion correctness issue when machine time zone is not in UTC (awslabs#3108)
  - Fix CVE-2025-48924: Upgrade Apache Commons Lang3 to 3.19.0 (awslabs#3100)
  - Revise Athena Federated Queries instructions in README (awslabs#3069)
  - fix snowflake QPT return empty result (awslabs#3106)
  - add view into oracle paginated query (awslabs#3107)
  - build(deps): bump com.google.protobuf:protobuf-bom from 4.32.1 to 4.33.0 (awslabs#3071)
  - build(deps): bump com.github.spotbugs:spotbugs-annotations from 4.9.7 to 4.9.8 (awslabs#3076)
  - build(deps): bump org.apache.avro:avro from 1.12.0 to 1.12.1 (awslabs#3075)
  - Handle ResourceNotFoundException from Dynamodb as AthenaConnectorExce… (awslabs#3098)
  - Added unit tests for bigquery (awslabs#2950)
  - Update PostgreSQL engine version to 15.10 (awslabs#3099)
  - Add unit tests for athena-oracle. (awslabs#2836)
  - Adding support to use custom SecretManagerClient for Google Big Query (awslabs#2846)
  - Added unit tests for athena-cloudera-impala Connector (awslabs#2880)
  - added unit tests for athena-vertica. (awslabs#2783)
  - added unit tests for athena-redshift. (awslabs#2733)
  - Always include partition column when get-table-layout (awslabs#3045)
  - fix cloudwatch glue connection cfn template (awslabs#3013)
  - Added unit tests for JDBC module (awslabs#2732)
  - Added pagination for Db2 connector (awslabs#2772)
  - [Fix] Include default truststore path when passing JAVA_TOOL_OPTIONS for Java 17 image (awslabs#3007)
  - build(deps): bump com.google.guava:guava from 33.4.0-jre to 33.4.8-jre (awslabs#2728)
  - Handle KMS and DDB NotFoundExceptions by throwing AthenaConnectorException (awslabs#3064)
  - build(deps): bump aws-sdk-v2.version from 2.35.1 to 2.35.5 (awslabs#3047)
  - build(deps): bump io.confluent:kafka-avro-serializer from 8.0.0 to 8.0.2 (awslabs#3055)
  - build(deps): bump software.amazon.awssdk:cloudwatchlogs from 2.35.0 to 2.35.5 (awslabs#3057)
  - build(deps): bump org.apache.maven.plugins:maven-dependency-plugin from 3.8.1 to 3.9.0 (awslabs#3061)
  - Remove timestamp case from SnowflakeQueryStringBuilder (awslabs#2997)
  - build(deps): bump io.substrait.version from 0.65.0 to 0.66.0 (awslabs#3051)
  - build(deps): bump com.google.cloud:google-cloud-storage from 2.58.0 to 2.58.1 (awslabs#3059)
  - build(deps): bump org.postgresql:postgresql from 42.7.7 to 42.7.8 (awslabs#3063)
  - build(deps): bump org.apache.maven.plugins:maven-javadoc-plugin from 3.11.3 to 3.12.0 (awslabs#3062)
  - build(deps): bump com.github.spotbugs:spotbugs-annotations from 4.9.4 to 4.9.6 (awslabs#3058)
  - build(deps): bump org.jacoco:jacoco-maven-plugin from 0.8.13 to 0.8.14 (awslabs#3060)
  - build(deps): bump net.sf.jt400:jt400 from 21.0.5 to 21.0.6 (awslabs#3053)
  - build(deps): bump com.teradata.jdbc:terajdbc from 20.00.00.50 to 20.00.00.51 (awslabs#3054)
  - build(deps): bump org.elasticsearch.client:elasticsearch-rest-client from 9.1.3 to 9.1.5 (awslabs#3056)
  - build(deps): bump org.bouncycastle:bcpkix-jdk18on from 1.81 to 1.82 (awslabs#3050)
  - build(deps): bump org.eclipse.rdf4j:rdf4j-repository-sparql from 5.1.6 to 5.2.0 (awslabs#3052)
  - build(deps): bump software.amazon.jsii:jsii-runtime from 1.114.1 to 1.115.0 (awslabs#3048)
  - build(deps): bump aws-sdk-v2.version from 2.34.5 to 2.35.0 (awslabs#3039)
  - build(deps-dev): bump nl.jqno.equalsverifier:equalsverifier from 4.1.1 to 4.2 (awslabs#3037)
  - build(deps): bump aws-sdk.version from 1.12.791 to 1.12.792 (awslabs#3035)
  - build(deps): bump net.java.dev.jna:jna-platform from 5.17.0 to 5.18.1 (awslabs#3038)
  - build(deps-dev): bump log4j2Version from 2.25.1 to 2.25.2 (awslabs#3029)
  - build(deps): bump io.substrait.version from 0.52.0 to 0.65.0 (awslabs#3021)
  - build(deps): bump org.assertj:assertj-core from 3.27.4 to 3.27.6 (awslabs#3019)
  - build(deps): bump com.amazonaws:aws-lambda-java-core from 1.3.0 to 1.4.0 (awslabs#3020)
  - build(deps): bump net.java.dev.jna:jna from 5.17.0 to 5.18.1 (awslabs#3034)
  - build(deps): bump org.jetbrains.kotlin:kotlin-stdlib from 2.2.10 to 2.2.20 (awslabs#3027)
  - build(deps): bump org.apache.commons:commons-lang3 from 3.18.0 to 3.19.0 (awslabs#3033)
  - build(deps): bump org.bouncycastle:bcprov-jdk18on from 1.81 to 1.82 (awslabs#3022)
  - build(deps): bump org.bouncycastle:bcutil-jdk18on from 1.81 to 1.82 (awslabs#3024)
  - build(deps): bump org.sonatype.central:central-publishing-maven-plugin from 0.8.0 to 0.9.0 (awslabs#3026)
  - build(deps): bump org.codehaus.mojo:license-maven-plugin from 2.6.0 to 2.7.0 (awslabs#3023)
  - build(deps): bump software.amazon.awssdk:cloudwatchlogs from 2.33.8 to 2.35.0 (awslabs#3040)
  - Add Support for OAuth in athena-saphana Connector (awslabs#2894)
  - build(deps): bump aws-actions/configure-aws-credentials from 4 to 5 (awslabs#2975)
  - build(deps): bump actions/setup-node from 4 to 5 (awslabs#2976)
  - [Neptune] Add doc details on how multi-valued properties are handled. (awslabs#2995)
  - build(deps): bump org.jetbrains.kotlin:kotlin-reflect from 2.2.10 to 2.2.20 (awslabs#3028)
  - build(deps): bump software.amazon.glue:schema-registry-serde from 1.1.24 to 1.1.25 (awslabs#3030)
  - build(deps): bump org.jetbrains.kotlin:kotlin-stdlib-jdk8 from 2.2.10 to 2.2.20 (awslabs#3031)
  - build(deps): bump com.teradata.jdbc:terajdbc from 20.00.00.49 to 20.00.00.50 (awslabs#3032)
  - build(deps): bump aws-sdk-v2.version from 2.34.3 to 2.34.5 (awslabs#3017)
  - Add Support for OAuth in athena-sqlserver Connector (awslabs#3006)
  - Add Support for OAuth in athena-synapse Connector (awslabs#2904)
  - build(deps): bump software.amazon.jsii:jsii-runtime from 1.113.0 to 1.114.1 (awslabs#2979)
  - build(deps): bump org.apache.calcite.version from 1.39.0 to 1.40.0 (awslabs#2980)
  - build(deps): bump aws-sdk.version from 1.12.788 to 1.12.791 (awslabs#2981)
  - build(deps): bump org.eclipse.rdf4j:rdf4j-repository-sparql from 5.1.4 to 5.1.5 (awslabs#2983)
  - build(deps): bump com.clickhouse:clickhouse-jdbc from 0.9.1 to 0.9.2 (awslabs#2985)
  - build(deps): bump net.snowflake:snowflake-jdbc from 3.26.0 to 3.26.1 (awslabs#2987)
  - build(deps): bump org.yaml:snakeyaml from 2.4 to 2.5 (awslabs#2988)
  - build(deps-dev): bump nl.jqno.equalsverifier:equalsverifier from 4.0.9 to 4.1 (awslabs#2998)
  - build(deps): bump aws-sdk-v2.version from 2.32.29 to 2.33.9 (awslabs#2999)
  - build(deps): bump org.apache.kafka:kafka-clients from 4.0.0 to 4.1.0 (awslabs#3000)
  - build(deps): bump surefire.failsafe.version from 3.5.3 to 3.5.4 (awslabs#3001)
  - build(deps): bump com.microsoft.azure:msal4j from 1.22.0 to 1.23.1 (awslabs#3002)
  - build(deps): bump org.apache.maven.plugins:maven-shade-plugin from 3.6.0 to 3.6.1 (awslabs#3003)
  - build(deps): bump com.google.cloud:google-cloud-storage from 2.55.0 to 2.57.0 (awslabs#3004)
  - build(deps): bump com.sap.cloud.db.jdbc:ngdbc from 2.25.12 to 2.26.6 (awslabs#3012)
  - build(deps): bump org.apache.maven.plugins:maven-compiler-plugin from 3.14.0 to 3.14.1 (awslabs#3011)
  - Fixing error messages to not leak sensitive info (awslabs#3008)
  - Include linked accounts option when querying metric_samples table. (awslabs#2922)
  - Updating Zookeeper to latest version 3.9.4 (awslabs#3005)
  - build(deps): bump com.google.protobuf:protobuf-bom from 4.29.3 to 4.32.0 (awslabs#2991)
  - Add serverless datalakegen2 support (awslabs#2973)
  - Abstract common OAuth handling and add OAuth support to Athena DataLake Gen2 Connector (awslabs#2932)
  - build(deps): bump software.amazon.awssdk:cloudwatchlogs from 2.32.29 to 2.33.4 (awslabs#2992)
  - build(deps): bump org.elasticsearch.client:elasticsearch-rest-client from 9.1.2 to 9.1.3 (awslabs#2993)
  - build(deps): bump io.lettuce:lettuce-core from 6.8.0.RELEASE to 6.8.1.RELEASE (awslabs#2994)
  - Hbase namespace issue (awslabs#2996)
github-actions bot pushed a commit to Jithendar12/aws-athena-query-federation that referenced this pull request Nov 29, 2025
Cut release 2025.47.1
d0e0ad6 
  - wait for release branch and checkout
  - wait for release branch and checkout
  - Update runner and slug
  - Update GitHub Actions workflows to build with Java 11 and 17
  - Remove hard-coded Glue list-jobs --max-results 100 to find all Glue jobs (awslabs#3127)
  - Added unit tests in athena-synapse Connector (awslabs#2963)
  - Updating EncryptionKeyFactory to add overirde AWS request configuration in KMS calls made generate encryption key (awslabs#3103)
  - Fix epoch date conversion correctness issue when machine time zone is not in UTC (awslabs#3108)
  - Fix CVE-2025-48924: Upgrade Apache Commons Lang3 to 3.19.0 (awslabs#3100)
  - Revise Athena Federated Queries instructions in README (awslabs#3069)
  - fix snowflake QPT return empty result (awslabs#3106)
  - add view into oracle paginated query (awslabs#3107)
  - build(deps): bump com.google.protobuf:protobuf-bom from 4.32.1 to 4.33.0 (awslabs#3071)
  - build(deps): bump com.github.spotbugs:spotbugs-annotations from 4.9.7 to 4.9.8 (awslabs#3076)
  - build(deps): bump org.apache.avro:avro from 1.12.0 to 1.12.1 (awslabs#3075)
  - Handle ResourceNotFoundException from Dynamodb as AthenaConnectorExce… (awslabs#3098)
  - Added unit tests for bigquery (awslabs#2950)
  - Update PostgreSQL engine version to 15.10 (awslabs#3099)
  - Add unit tests for athena-oracle. (awslabs#2836)
  - Adding support to use custom SecretManagerClient for Google Big Query (awslabs#2846)
  - Added unit tests for athena-cloudera-impala Connector (awslabs#2880)
  - added unit tests for athena-vertica. (awslabs#2783)
  - added unit tests for athena-redshift. (awslabs#2733)
  - Always include partition column when get-table-layout (awslabs#3045)
  - fix cloudwatch glue connection cfn template (awslabs#3013)
  - Added unit tests for JDBC module (awslabs#2732)
  - Added pagination for Db2 connector (awslabs#2772)
  - [Fix] Include default truststore path when passing JAVA_TOOL_OPTIONS for Java 17 image (awslabs#3007)
  - build(deps): bump com.google.guava:guava from 33.4.0-jre to 33.4.8-jre (awslabs#2728)
  - Handle KMS and DDB NotFoundExceptions by throwing AthenaConnectorException (awslabs#3064)
  - build(deps): bump aws-sdk-v2.version from 2.35.1 to 2.35.5 (awslabs#3047)
  - build(deps): bump io.confluent:kafka-avro-serializer from 8.0.0 to 8.0.2 (awslabs#3055)
  - build(deps): bump software.amazon.awssdk:cloudwatchlogs from 2.35.0 to 2.35.5 (awslabs#3057)
  - build(deps): bump org.apache.maven.plugins:maven-dependency-plugin from 3.8.1 to 3.9.0 (awslabs#3061)
  - Remove timestamp case from SnowflakeQueryStringBuilder (awslabs#2997)
  - build(deps): bump io.substrait.version from 0.65.0 to 0.66.0 (awslabs#3051)
  - build(deps): bump com.google.cloud:google-cloud-storage from 2.58.0 to 2.58.1 (awslabs#3059)
  - build(deps): bump org.postgresql:postgresql from 42.7.7 to 42.7.8 (awslabs#3063)
  - build(deps): bump org.apache.maven.plugins:maven-javadoc-plugin from 3.11.3 to 3.12.0 (awslabs#3062)
  - build(deps): bump com.github.spotbugs:spotbugs-annotations from 4.9.4 to 4.9.6 (awslabs#3058)
  - build(deps): bump org.jacoco:jacoco-maven-plugin from 0.8.13 to 0.8.14 (awslabs#3060)
  - build(deps): bump net.sf.jt400:jt400 from 21.0.5 to 21.0.6 (awslabs#3053)
  - build(deps): bump com.teradata.jdbc:terajdbc from 20.00.00.50 to 20.00.00.51 (awslabs#3054)
  - build(deps): bump org.elasticsearch.client:elasticsearch-rest-client from 9.1.3 to 9.1.5 (awslabs#3056)
  - build(deps): bump org.bouncycastle:bcpkix-jdk18on from 1.81 to 1.82 (awslabs#3050)
  - build(deps): bump org.eclipse.rdf4j:rdf4j-repository-sparql from 5.1.6 to 5.2.0 (awslabs#3052)
  - build(deps): bump software.amazon.jsii:jsii-runtime from 1.114.1 to 1.115.0 (awslabs#3048)
  - build(deps): bump aws-sdk-v2.version from 2.34.5 to 2.35.0 (awslabs#3039)
  - build(deps-dev): bump nl.jqno.equalsverifier:equalsverifier from 4.1.1 to 4.2 (awslabs#3037)
  - build(deps): bump aws-sdk.version from 1.12.791 to 1.12.792 (awslabs#3035)
  - build(deps): bump net.java.dev.jna:jna-platform from 5.17.0 to 5.18.1 (awslabs#3038)
  - build(deps-dev): bump log4j2Version from 2.25.1 to 2.25.2 (awslabs#3029)
  - build(deps): bump io.substrait.version from 0.52.0 to 0.65.0 (awslabs#3021)
  - build(deps): bump org.assertj:assertj-core from 3.27.4 to 3.27.6 (awslabs#3019)
  - build(deps): bump com.amazonaws:aws-lambda-java-core from 1.3.0 to 1.4.0 (awslabs#3020)
  - build(deps): bump net.java.dev.jna:jna from 5.17.0 to 5.18.1 (awslabs#3034)
  - build(deps): bump org.jetbrains.kotlin:kotlin-stdlib from 2.2.10 to 2.2.20 (awslabs#3027)
  - build(deps): bump org.apache.commons:commons-lang3 from 3.18.0 to 3.19.0 (awslabs#3033)
  - build(deps): bump org.bouncycastle:bcprov-jdk18on from 1.81 to 1.82 (awslabs#3022)
  - build(deps): bump org.bouncycastle:bcutil-jdk18on from 1.81 to 1.82 (awslabs#3024)
  - build(deps): bump org.sonatype.central:central-publishing-maven-plugin from 0.8.0 to 0.9.0 (awslabs#3026)
  - build(deps): bump org.codehaus.mojo:license-maven-plugin from 2.6.0 to 2.7.0 (awslabs#3023)
  - build(deps): bump software.amazon.awssdk:cloudwatchlogs from 2.33.8 to 2.35.0 (awslabs#3040)
  - Add Support for OAuth in athena-saphana Connector (awslabs#2894)
  - build(deps): bump aws-actions/configure-aws-credentials from 4 to 5 (awslabs#2975)
  - build(deps): bump actions/setup-node from 4 to 5 (awslabs#2976)
  - [Neptune] Add doc details on how multi-valued properties are handled. (awslabs#2995)
  - build(deps): bump org.jetbrains.kotlin:kotlin-reflect from 2.2.10 to 2.2.20 (awslabs#3028)
  - build(deps): bump software.amazon.glue:schema-registry-serde from 1.1.24 to 1.1.25 (awslabs#3030)
  - build(deps): bump org.jetbrains.kotlin:kotlin-stdlib-jdk8 from 2.2.10 to 2.2.20 (awslabs#3031)
  - build(deps): bump com.teradata.jdbc:terajdbc from 20.00.00.49 to 20.00.00.50 (awslabs#3032)
  - build(deps): bump aws-sdk-v2.version from 2.34.3 to 2.34.5 (awslabs#3017)
  - Add Support for OAuth in athena-sqlserver Connector (awslabs#3006)
  - Add Support for OAuth in athena-synapse Connector (awslabs#2904)
  - build(deps): bump software.amazon.jsii:jsii-runtime from 1.113.0 to 1.114.1 (awslabs#2979)
  - build(deps): bump org.apache.calcite.version from 1.39.0 to 1.40.0 (awslabs#2980)
  - build(deps): bump aws-sdk.version from 1.12.788 to 1.12.791 (awslabs#2981)
  - build(deps): bump org.eclipse.rdf4j:rdf4j-repository-sparql from 5.1.4 to 5.1.5 (awslabs#2983)
  - build(deps): bump com.clickhouse:clickhouse-jdbc from 0.9.1 to 0.9.2 (awslabs#2985)
  - build(deps): bump net.snowflake:snowflake-jdbc from 3.26.0 to 3.26.1 (awslabs#2987)
  - build(deps): bump org.yaml:snakeyaml from 2.4 to 2.5 (awslabs#2988)
  - build(deps-dev): bump nl.jqno.equalsverifier:equalsverifier from 4.0.9 to 4.1 (awslabs#2998)
  - build(deps): bump aws-sdk-v2.version from 2.32.29 to 2.33.9 (awslabs#2999)
  - build(deps): bump org.apache.kafka:kafka-clients from 4.0.0 to 4.1.0 (awslabs#3000)
  - build(deps): bump surefire.failsafe.version from 3.5.3 to 3.5.4 (awslabs#3001)
  - build(deps): bump com.microsoft.azure:msal4j from 1.22.0 to 1.23.1 (awslabs#3002)
  - build(deps): bump org.apache.maven.plugins:maven-shade-plugin from 3.6.0 to 3.6.1 (awslabs#3003)
  - build(deps): bump com.google.cloud:google-cloud-storage from 2.55.0 to 2.57.0 (awslabs#3004)
  - build(deps): bump com.sap.cloud.db.jdbc:ngdbc from 2.25.12 to 2.26.6 (awslabs#3012)
  - build(deps): bump org.apache.maven.plugins:maven-compiler-plugin from 3.14.0 to 3.14.1 (awslabs#3011)
  - Fixing error messages to not leak sensitive info (awslabs#3008)
  - Include linked accounts option when querying metric_samples table. (awslabs#2922)
  - Updating Zookeeper to latest version 3.9.4 (awslabs#3005)
  - build(deps): bump com.google.protobuf:protobuf-bom from 4.29.3 to 4.32.0 (awslabs#2991)
  - Add serverless datalakegen2 support (awslabs#2973)
  - Abstract common OAuth handling and add OAuth support to Athena DataLake Gen2 Connector (awslabs#2932)
  - build(deps): bump software.amazon.awssdk:cloudwatchlogs from 2.32.29 to 2.33.4 (awslabs#2992)
  - build(deps): bump org.elasticsearch.client:elasticsearch-rest-client from 9.1.2 to 9.1.3 (awslabs#2993)
  - build(deps): bump io.lettuce:lettuce-core from 6.8.0.RELEASE to 6.8.1.RELEASE (awslabs#2994)
  - Hbase namespace issue (awslabs#2996)
github-actions bot pushed a commit to Jithendar12/aws-athena-query-federation that referenced this pull request Nov 29, 2025
Cut release 2025.47.1
94b0900 
  - Update release workflow for Java version builds
  - Enhance cut_release workflow for Java 11 and 17
  - wait for release branch and checkout
  - wait for release branch and checkout
  - Update runner and slug
  - Update GitHub Actions workflows to build with Java 11 and 17
  - Remove hard-coded Glue list-jobs --max-results 100 to find all Glue jobs (awslabs#3127)
  - Added unit tests in athena-synapse Connector (awslabs#2963)
  - Updating EncryptionKeyFactory to add overirde AWS request configuration in KMS calls made generate encryption key (awslabs#3103)
  - Fix epoch date conversion correctness issue when machine time zone is not in UTC (awslabs#3108)
  - Fix CVE-2025-48924: Upgrade Apache Commons Lang3 to 3.19.0 (awslabs#3100)
  - Revise Athena Federated Queries instructions in README (awslabs#3069)
  - fix snowflake QPT return empty result (awslabs#3106)
  - add view into oracle paginated query (awslabs#3107)
  - build(deps): bump com.google.protobuf:protobuf-bom from 4.32.1 to 4.33.0 (awslabs#3071)
  - build(deps): bump com.github.spotbugs:spotbugs-annotations from 4.9.7 to 4.9.8 (awslabs#3076)
  - build(deps): bump org.apache.avro:avro from 1.12.0 to 1.12.1 (awslabs#3075)
  - Handle ResourceNotFoundException from Dynamodb as AthenaConnectorExce… (awslabs#3098)
  - Added unit tests for bigquery (awslabs#2950)
  - Update PostgreSQL engine version to 15.10 (awslabs#3099)
  - Add unit tests for athena-oracle. (awslabs#2836)
  - Adding support to use custom SecretManagerClient for Google Big Query (awslabs#2846)
  - Added unit tests for athena-cloudera-impala Connector (awslabs#2880)
  - added unit tests for athena-vertica. (awslabs#2783)
  - added unit tests for athena-redshift. (awslabs#2733)
  - Always include partition column when get-table-layout (awslabs#3045)
  - fix cloudwatch glue connection cfn template (awslabs#3013)
  - Added unit tests for JDBC module (awslabs#2732)
  - Added pagination for Db2 connector (awslabs#2772)
  - [Fix] Include default truststore path when passing JAVA_TOOL_OPTIONS for Java 17 image (awslabs#3007)
  - build(deps): bump com.google.guava:guava from 33.4.0-jre to 33.4.8-jre (awslabs#2728)
  - Handle KMS and DDB NotFoundExceptions by throwing AthenaConnectorException (awslabs#3064)
  - build(deps): bump aws-sdk-v2.version from 2.35.1 to 2.35.5 (awslabs#3047)
  - build(deps): bump io.confluent:kafka-avro-serializer from 8.0.0 to 8.0.2 (awslabs#3055)
  - build(deps): bump software.amazon.awssdk:cloudwatchlogs from 2.35.0 to 2.35.5 (awslabs#3057)
  - build(deps): bump org.apache.maven.plugins:maven-dependency-plugin from 3.8.1 to 3.9.0 (awslabs#3061)
  - Remove timestamp case from SnowflakeQueryStringBuilder (awslabs#2997)
  - build(deps): bump io.substrait.version from 0.65.0 to 0.66.0 (awslabs#3051)
  - build(deps): bump com.google.cloud:google-cloud-storage from 2.58.0 to 2.58.1 (awslabs#3059)
  - build(deps): bump org.postgresql:postgresql from 42.7.7 to 42.7.8 (awslabs#3063)
  - build(deps): bump org.apache.maven.plugins:maven-javadoc-plugin from 3.11.3 to 3.12.0 (awslabs#3062)
  - build(deps): bump com.github.spotbugs:spotbugs-annotations from 4.9.4 to 4.9.6 (awslabs#3058)
  - build(deps): bump org.jacoco:jacoco-maven-plugin from 0.8.13 to 0.8.14 (awslabs#3060)
  - build(deps): bump net.sf.jt400:jt400 from 21.0.5 to 21.0.6 (awslabs#3053)
  - build(deps): bump com.teradata.jdbc:terajdbc from 20.00.00.50 to 20.00.00.51 (awslabs#3054)
  - build(deps): bump org.elasticsearch.client:elasticsearch-rest-client from 9.1.3 to 9.1.5 (awslabs#3056)
  - build(deps): bump org.bouncycastle:bcpkix-jdk18on from 1.81 to 1.82 (awslabs#3050)
  - build(deps): bump org.eclipse.rdf4j:rdf4j-repository-sparql from 5.1.6 to 5.2.0 (awslabs#3052)
  - build(deps): bump software.amazon.jsii:jsii-runtime from 1.114.1 to 1.115.0 (awslabs#3048)
  - build(deps): bump aws-sdk-v2.version from 2.34.5 to 2.35.0 (awslabs#3039)
  - build(deps-dev): bump nl.jqno.equalsverifier:equalsverifier from 4.1.1 to 4.2 (awslabs#3037)
  - build(deps): bump aws-sdk.version from 1.12.791 to 1.12.792 (awslabs#3035)
  - build(deps): bump net.java.dev.jna:jna-platform from 5.17.0 to 5.18.1 (awslabs#3038)
  - build(deps-dev): bump log4j2Version from 2.25.1 to 2.25.2 (awslabs#3029)
  - build(deps): bump io.substrait.version from 0.52.0 to 0.65.0 (awslabs#3021)
  - build(deps): bump org.assertj:assertj-core from 3.27.4 to 3.27.6 (awslabs#3019)
  - build(deps): bump com.amazonaws:aws-lambda-java-core from 1.3.0 to 1.4.0 (awslabs#3020)
  - build(deps): bump net.java.dev.jna:jna from 5.17.0 to 5.18.1 (awslabs#3034)
  - build(deps): bump org.jetbrains.kotlin:kotlin-stdlib from 2.2.10 to 2.2.20 (awslabs#3027)
  - build(deps): bump org.apache.commons:commons-lang3 from 3.18.0 to 3.19.0 (awslabs#3033)
  - build(deps): bump org.bouncycastle:bcprov-jdk18on from 1.81 to 1.82 (awslabs#3022)
  - build(deps): bump org.bouncycastle:bcutil-jdk18on from 1.81 to 1.82 (awslabs#3024)
  - build(deps): bump org.sonatype.central:central-publishing-maven-plugin from 0.8.0 to 0.9.0 (awslabs#3026)
  - build(deps): bump org.codehaus.mojo:license-maven-plugin from 2.6.0 to 2.7.0 (awslabs#3023)
  - build(deps): bump software.amazon.awssdk:cloudwatchlogs from 2.33.8 to 2.35.0 (awslabs#3040)
  - Add Support for OAuth in athena-saphana Connector (awslabs#2894)
  - build(deps): bump aws-actions/configure-aws-credentials from 4 to 5 (awslabs#2975)
  - build(deps): bump actions/setup-node from 4 to 5 (awslabs#2976)
  - [Neptune] Add doc details on how multi-valued properties are handled. (awslabs#2995)
  - build(deps): bump org.jetbrains.kotlin:kotlin-reflect from 2.2.10 to 2.2.20 (awslabs#3028)
  - build(deps): bump software.amazon.glue:schema-registry-serde from 1.1.24 to 1.1.25 (awslabs#3030)
  - build(deps): bump org.jetbrains.kotlin:kotlin-stdlib-jdk8 from 2.2.10 to 2.2.20 (awslabs#3031)
  - build(deps): bump com.teradata.jdbc:terajdbc from 20.00.00.49 to 20.00.00.50 (awslabs#3032)
  - build(deps): bump aws-sdk-v2.version from 2.34.3 to 2.34.5 (awslabs#3017)
  - Add Support for OAuth in athena-sqlserver Connector (awslabs#3006)
  - Add Support for OAuth in athena-synapse Connector (awslabs#2904)
  - build(deps): bump software.amazon.jsii:jsii-runtime from 1.113.0 to 1.114.1 (awslabs#2979)
  - build(deps): bump org.apache.calcite.version from 1.39.0 to 1.40.0 (awslabs#2980)
  - build(deps): bump aws-sdk.version from 1.12.788 to 1.12.791 (awslabs#2981)
  - build(deps): bump org.eclipse.rdf4j:rdf4j-repository-sparql from 5.1.4 to 5.1.5 (awslabs#2983)
  - build(deps): bump com.clickhouse:clickhouse-jdbc from 0.9.1 to 0.9.2 (awslabs#2985)
  - build(deps): bump net.snowflake:snowflake-jdbc from 3.26.0 to 3.26.1 (awslabs#2987)
  - build(deps): bump org.yaml:snakeyaml from 2.4 to 2.5 (awslabs#2988)
  - build(deps-dev): bump nl.jqno.equalsverifier:equalsverifier from 4.0.9 to 4.1 (awslabs#2998)
  - build(deps): bump aws-sdk-v2.version from 2.32.29 to 2.33.9 (awslabs#2999)
  - build(deps): bump org.apache.kafka:kafka-clients from 4.0.0 to 4.1.0 (awslabs#3000)
  - build(deps): bump surefire.failsafe.version from 3.5.3 to 3.5.4 (awslabs#3001)
  - build(deps): bump com.microsoft.azure:msal4j from 1.22.0 to 1.23.1 (awslabs#3002)
  - build(deps): bump org.apache.maven.plugins:maven-shade-plugin from 3.6.0 to 3.6.1 (awslabs#3003)
  - build(deps): bump com.google.cloud:google-cloud-storage from 2.55.0 to 2.57.0 (awslabs#3004)
  - build(deps): bump com.sap.cloud.db.jdbc:ngdbc from 2.25.12 to 2.26.6 (awslabs#3012)
  - build(deps): bump org.apache.maven.plugins:maven-compiler-plugin from 3.14.0 to 3.14.1 (awslabs#3011)
  - Fixing error messages to not leak sensitive info (awslabs#3008)
  - Include linked accounts option when querying metric_samples table. (awslabs#2922)
  - Updating Zookeeper to latest version 3.9.4 (awslabs#3005)
  - build(deps): bump com.google.protobuf:protobuf-bom from 4.29.3 to 4.32.0 (awslabs#2991)
  - Add serverless datalakegen2 support (awslabs#2973)
  - Abstract common OAuth handling and add OAuth support to Athena DataLake Gen2 Connector (awslabs#2932)
  - build(deps): bump software.amazon.awssdk:cloudwatchlogs from 2.32.29 to 2.33.4 (awslabs#2992)
  - build(deps): bump org.elasticsearch.client:elasticsearch-rest-client from 9.1.2 to 9.1.3 (awslabs#2993)
  - build(deps): bump io.lettuce:lettuce-core from 6.8.0.RELEASE to 6.8.1.RELEASE (awslabs#2994)
  - Hbase namespace issue (awslabs#2996)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@burhan94 burhan94 burhan94 approved these changes

@aimethed aimethed aimethed approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@Trianz-Akshay @burhan94 @aimethed